/*
 * Copyright 2020-2030 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.gitee.minimalismstyle.fresh.common.security.config

import com.gitee.minimalismstyle.fresh.common.security.intercept.DynamicFilterSecurityInterceptor
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.core.AuthenticationException
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

/**
 * 统一服务资源配置
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
class FreshResourceServerConfig (var dynamicFilterSecurityInterceptor: DynamicFilterSecurityInterceptor) : ResourceServerConfigurerAdapter() {

    @Throws(Exception::class)
    override fun configure(http: HttpSecurity) {
        http
                .addFilterAfter(dynamicFilterSecurityInterceptor, FilterSecurityInterceptor::class.java )
                .csrf().disable()
                .exceptionHandling()
                .authenticationEntryPoint { _: HttpServletRequest?, response: HttpServletResponse, _: AuthenticationException? -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED) }
                .and()
                .authorizeRequests()
                .antMatchers(
                        "/actuator/**",
                        "/v2/api-docs",
                        "/sysCalendar/test",
                        "/swagger-ui.html"
                )
                .permitAll()
                .anyRequest()
                .permitAll()
                .and()
                .httpBasic()
    }
}